
eScan errors added

Thread in the Viruses and malware - HijackThis logs section. Thread started by grolju on 24.02.2009.

  1. Hujo

    Hujo Guest

    Then run ComboFix.
    There's surely room for one more among the ones Malwarebytes' Anti-Malware found :)
     
  3. grolju

    grolju Member

    Joined:
    24.02.2009
    Posts:
    30
    Thanks:
    0
    Points:
    16
    Didn't help.. :(



    ComboFix 09-03-01.01 - Omistaja 2009-03-02 13:46:41.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.511.251 [GMT 2:00]
    Sijainti: c:\documents and settings\Omistaja\Työpöytä\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090301-0] *On-access scanning disabled* (Updated)
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\dialers
    c:\program files\INSTALL.LOG
    c:\windows\system32\iAlmcoin.dll
    D:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-02 to 2009-03-02 )))))))))))))))))
    .

    2009-03-01 18:15 . 2009-03-01 18:16 47 --a------ C:\Poisto.bat
    2009-03-01 15:56 . 2009-03-01 15:56 <KANSIO> d-------- c:\program files\Common Files\Skype
    2009-03-01 11:37 . 2009-03-01 11:37 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 11:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-01 11:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-28 22:47 . 2009-02-28 22:47 65 --a------ c:\windows\boc427.ini
    2009-02-28 19:31 . 2009-02-28 22:44 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\BOC427
    2009-02-28 19:31 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
    2009-02-28 19:31 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
    2009-02-28 19:31 . 2008-04-14 18:11 24,064 --a------ c:\windows\system32\wsock32.dlb
    2009-02-27 21:30 . 2009-02-27 21:30 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Windows Desktop Search
    2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\windows\system32\GroupPolicy
    2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\program files\Windows Desktop Search
    2009-02-27 19:22 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2009-02-27 19:22 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2009-02-27 19:22 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2009-02-26 10:51 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-02-25 23:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-02-25 23:38 . 2009-02-25 23:50 <KANSIO> d-------- c:\windows\system32\XPSViewer
    2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\Reference Assemblies
    2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\MSBuild
    2009-02-25 23:37 . 2009-02-25 23:37 <KANSIO> d-------- C:\8efe1066a27e691d2ff4ef318783cd
    2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-25 23:37 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-25 23:37 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-02-25 23:37 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-25 23:37 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-02-25 23:37 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-25 14:51 . 2009-02-25 14:51 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Malwarebytes
    2009-02-25 14:49 . 2009-02-25 14:49 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-24 22:09 . 2009-02-24 22:09 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-22 12:38 . 2009-02-21 22:51 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-21 22:54 . 2009-02-21 22:51 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-21 22:48 . 2009-02-21 22:54 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-21 22:48 . 2009-02-21 22:49 <KANSIO> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-21 21:47 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-02-21 21:31 . 2009-02-21 21:31 <KANSIO> d-------- c:\program files\Microsoft Sync Framework
    2009-02-21 21:30 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2009-02-21 21:28 . 2009-02-21 21:28 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-02-21 12:23 . 2009-02-21 12:38 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-02-20 18:17 . 2009-02-20 18:17 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\F-Secure
    2009-02-20 18:00 . 2009-02-21 12:43 <KANSIO> d-------- c:\program files\F-Secure Internet Security
    2009-02-20 17:58 . 2009-02-20 17:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\fssg
    2009-02-20 17:56 . 2009-02-21 12:34 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\f-secure
    2009-02-20 13:30 . 2009-03-01 20:41 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Comodo
    2009-02-20 11:04 . 2009-02-20 11:04 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\38FA
    2009-02-17 19:00 . 2009-02-17 19:00 <KANSIO> d-------- c:\program files\NOS
    2009-02-17 19:00 . 2009-02-17 19:02 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-02-14 11:51 . 2009-02-14 11:51 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\10271
    2009-02-13 20:43 . 2009-02-19 15:03 <KANSIO> d-------- c:\program files\mIRC
    2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-02-06 19:32 . 2009-02-06 19:32 308,104 --a------ c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
    2009-02-05 16:10 . 2009-02-05 16:10 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\3280

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-02 11:52 --------- d-----w c:\documents and settings\Omistaja\Application Data\Skype
    2009-03-02 10:56 --------- d-----w c:\documents and settings\Omistaja\Application Data\skypePM
    2009-03-01 18:49 --------- d-----w c:\program files\COMODO
    2009-03-01 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
    2009-03-01 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-03-01 13:56 --------- d-----r c:\program files\Skype
    2009-03-01 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-26 16:51 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-25 09:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-23 16:49 --------- d-----w c:\program files\Wings 2
    2009-02-21 20:48 --------- d-----w c:\program files\Lavasoft
    2009-02-21 19:48 --------- d-----w c:\program files\Microsoft
    2009-02-21 19:47 --------- d-----w c:\program files\Windows Live
    2009-02-20 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\_comodo_
    2009-02-20 09:02 --------- d-----w c:\program files\iMesh Applications
    2009-02-19 13:12 --------- d-----w c:\documents and settings\Omistaja\Application Data\mIRC
    2009-02-18 11:48 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-12 13:12 --------- d-----w c:\program files\Google
    2009-02-10 08:44 34 ----a-w c:\documents and settings\Omistaja\jagex_runescape_preferences.dat
    2009-02-09 17:59 --------- d-----w c:\program files\CCleaner
    2009-02-01 16:07 --------- d-----w c:\documents and settings\Omistaja\Application Data\Apple Computer
    2009-02-01 16:03 --------- d-----w c:\program files\QuickTime
    2009-02-01 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-01 16:01 --------- d-----w c:\program files\Apple Software Update
    2009-02-01 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-31 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\81E4
    2009-01-31 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\38177
    2009-01-30 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\242E
    2009-01-30 19:24 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-30 19:24 --------- d--h--w c:\documents and settings\All Users\Application Data\{FC488EFD-EF53-4EB6-A106-329E2816542A}
    2009-01-30 19:23 --------- d-----w c:\program files\Creative
    2009-01-30 19:21 --------- d--h--w c:\documents and settings\All Users\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
    2009-01-30 19:20 --------- d--h--w c:\documents and settings\All Users\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
    2009-01-30 16:27 --------- d-----w c:\documents and settings\Omistaja\Application Data\Creative
    2009-01-30 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2009-01-30 16:23 --------- d-----w c:\program files\Audible
    2009-01-28 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\8AB
    2009-01-26 10:40 --------- d-----w c:\documents and settings\Omistaja\Application Data\Nvu
    2009-01-24 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
    2009-01-24 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\espionServerData
    2009-01-24 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-24 13:19 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-01-24 12:47 --------- d-----w c:\documents and settings\Omistaja\Application Data\Download Manager
    2009-01-22 14:37 --------- d-----w c:\program files\Windows Media Connect 2
    2009-01-19 10:47 27,136 ----a-w c:\windows\~GLH0001.TMP
    2009-01-16 20:55 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-16 13:05 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-16 13:05 --------- d-----w c:\program files\Java
    2009-01-16 11:49 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-16 11:45 --------- d-----w c:\program files\Common Files\Windows Live
    2009-01-15 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-15 00:05 911,872 ----a-w c:\windows\system32\wininet.dll
    2009-01-15 00:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
    2009-01-15 00:04 18,944 ----a-w c:\windows\system32\corpol.dll
    2009-01-15 00:03 72,704 ----a-w c:\windows\system32\admparse.dll
    2009-01-15 00:03 71,680 ----a-w c:\windows\system32\iesetup.dll
    2009-01-15 00:03 420,352 ----a-w c:\windows\system32\vbscript.dll
    2009-01-15 00:01 34,304 ----a-w c:\windows\system32\imgutil.dll
    2009-01-15 00:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
    2009-01-15 00:00 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-14 23:50 156,160 ----a-w c:\windows\system32\msls31.dll
    2009-01-09 16:14 --------- d-----w c:\program files\Alwil Software
    2009-01-09 10:30 --------- d-----w c:\documents and settings\Omistaja\Application Data\yoclient
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2007-10-13 13:35 3,518 ----a-w c:\program files\uninstal.log
    2007-08-11 15:16 0 ----a-w c:\documents and settings\Omistaja\conf.dat
    2005-11-14 20:11 32 ----a-r c:\documents and settings\All Users\hash.dat
    2005-01-28 06:07 30,432 ----a-w c:\documents and settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2003-12-13 13:45 28,880 ----a-w c:\windows\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
    2003-12-13 13:45 28,880 ----a-w c:\documents and settings\kone\Application Data\GDIPFONTCACHEV1.DAT
    1999-06-25 07:55 149,504 ----a-w c:\program files\UNWISE.EXE
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-09-02 16:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
    "PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-02 181624]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= oepl.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LEGO Media\\Constructive\\LEGO LOCO\\Exe\\Loco.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Downloads\\CabalTemp\\ESTdnheadless.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Wings 2\\bin\\Wings.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-21 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-01 114768]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-01 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
    R2 fsssvc;Windows Live -perheturva;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S2 gupdate1c98b82ef51fa4a;Google Update Service (gupdate1c98b82ef51fa4a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-17 33752]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 22:51]

    2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 15:23]

    2009-03-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 15:24]

    2009-03-02 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-02 18:12]

    2009-03-02 c:\windows\Tasks\PCHealth-ajoitus lataamiskirjastoa varten.job
    - c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2008-04-14 18:12]

    2009-03-02 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-02 15:25]

    2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{B597C89C-46F7-4B26-8D00-F7FB6638B0EE}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
    IE: Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://superstarracing.net/ChatRepublicPlayer.cab
    FF - ProfilePath - c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Habbo-FI Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.fi/ig
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=2&q=
    FF - component: c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\extensions\{2cd812a4-b1b7-4fa7-9f81-61c52cacdbea}\components\FFAlert.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 13:52:40
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):38,31,2a,9c,ca,a9,56,b9,08,d8,1f,5f,76,12,ec,d5,9c,05,6a,78,c0,
    7f,85,81,fa,e2,0d,4a,cb,e0,50,31,4d,cb,f8,4c,5e,bc,f8,43,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b167484-3e1a-47be-b0ce-a0f8817c0587}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000010d
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-03-02 13:57:24
    ComboFix-quarantined-files.txt 2009-03-02 11:56:48

    Ennen ajoa: 71 919 714 304 tavua vapaana
    Ajon jälkeen: 72,013,099,008 tavua vapaana

    278 --- E O F --- 2009-03-01 10:12:14
     
  4. Hujo

    Hujo Guest

    Scan a new HJT log
     
  5. grolju

    grolju Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:38, on 2.3.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\iMesh Applications\iMesh\iMesh.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://superstarracing.net/ChatRepublicPlayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: oepl.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c98b82ef51fa4a) (gupdate1c98b82ef51fa4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 9405 bytes
     
  6. Hujo

    Hujo Guest

    Now copy / paste the contents of the quote below into an empty Notepad
    Start button > Accessories > Notepad

    Save As

    Location: Desktop

    File name: CFScript.txt

    Save as type: All files

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Post the resulting log here.

    Shut down and restart the computer
     
  7. grolju

    grolju Member

    ComboFix 09-03-02.03 - Omistaja 2009-03-03 14:43:52.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.511.173 [GMT 2:00]
    Sijainti: c:\documents and settings\Omistaja\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\documents and settings\Omistaja\Työpöytä\CFscript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090302-0] *On-access scanning disabled* (Updated)
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\_comodo_
    c:\documents and settings\All Users\Application Data\comodo
    c:\documents and settings\All Users\Application Data\f-secure
    c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_revoke_hq.acl
    c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_root.acl
    c:\documents and settings\All Users\Application Data\f-secure\Daas2\cert\fsc (revoke hq).crl
    c:\documents and settings\All Users\Application Data\f-secure\logs\custom\custinstall.log
    c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\DAAS2INS.LOG
    c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\Daas2Uni.LOG
    c:\documents and settings\All Users\Application Data\f-secure\logs\FSFW\action.log
    c:\documents and settings\All Users\Application Data\f-secure\logs\FSFW\alertlog.dat
    c:\documents and settings\All Users\Application Data\f-secure\logs\FSMA\fsma.log
    c:\documents and settings\All Users\Application Data\f-secure\logs\FSPC\FSPCINST.LOG
    c:\documents and settings\All Users\Application Data\f-secure\logs\ilaunchr.log
    c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\ORSPINST.LOG
    c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\OrspUnin.LOG
    c:\documents and settings\All Users\Application Data\f-secure\setup\ih8.cfg
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Catalog.LiveUpdate.backup
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Catalog.LiveUpdate.backup
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Catalog.LiveUpdate.backup
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.curdefs_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.feb_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.full_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.jan_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.mar_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\common$20client$20core_1.0.3_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.apr_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.aug_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.curdefs_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.dec_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.error_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.feb_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.jan_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.jul_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.jun_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.mar_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.may_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.nov_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.oct_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20defs$202003$20microdefs25_microdefsb.sep_symalllanguages_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\livereg_2.2.5_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\minitri.flg
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\navnt$20noscrblock_9.05_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20internet$20security$2d$20muu_1.0_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20internet$20security_6.0.2_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20internet$20security_6.0.4.1_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20internet$20security_6.0.4_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20internet$20securityn$20ids$2dtunnusmerkit_1.0_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20master$20patch_0.1_finnish_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_11.1.0_english_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_11.3_english_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_11.5_english_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symnet$20consumer_5.0.2_english_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symnet$20consumer_5.0.4_english_livetri.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Catalog.LiveUpdate.backup
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Confdntl.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Content.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Privacy.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Restrict.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Spam.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\WebHist.log
    c:\documents and settings\All Users\Application Data\Symantec\Norton Personal Firewall\readme.txt
    c:\documents and settings\Omistaja\Application Data\Comodo

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-03 to 2009-03-03 )))))))))))))))))
    .

    2009-03-02 15:00 . 2009-03-02 15:00 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\4271
    2009-03-01 18:15 . 2009-03-01 18:16 47 --a------ C:\Poisto.bat
    2009-03-01 15:56 . 2009-03-01 15:56 <KANSIO> d-------- c:\program files\Common Files\Skype
    2009-03-01 11:37 . 2009-03-01 11:37 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 11:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-01 11:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-28 22:47 . 2009-02-28 22:47 65 --a------ c:\windows\boc427.ini
    2009-02-28 19:31 . 2009-02-28 22:44 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\BOC427
    2009-02-28 19:31 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
    2009-02-28 19:31 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
    2009-02-28 19:31 . 2008-04-14 18:11 24,064 --a------ c:\windows\system32\wsock32.dlb
    2009-02-27 21:30 . 2009-02-27 21:30 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Windows Desktop Search
    2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\windows\system32\GroupPolicy
    2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\program files\Windows Desktop Search
    2009-02-27 19:22 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2009-02-27 19:22 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2009-02-27 19:22 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2009-02-26 10:51 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-02-25 23:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-02-25 23:38 . 2009-02-25 23:50 <KANSIO> d-------- c:\windows\system32\XPSViewer
    2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\Reference Assemblies
    2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\MSBuild
    2009-02-25 23:37 . 2009-02-25 23:37 <KANSIO> d-------- C:\8efe1066a27e691d2ff4ef318783cd
    2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-25 23:37 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-25 23:37 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-02-25 23:37 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-25 23:37 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-02-25 23:37 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-25 14:51 . 2009-02-25 14:51 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Malwarebytes
    2009-02-25 14:49 . 2009-02-25 14:49 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-24 22:09 . 2009-02-24 22:09 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-22 12:38 . 2009-02-21 22:51 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-21 22:54 . 2009-02-21 22:51 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-21 22:48 . 2009-02-21 22:54 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-21 22:48 . 2009-02-21 22:49 <KANSIO> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-21 21:47 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-02-21 21:31 . 2009-02-21 21:31 <KANSIO> d-------- c:\program files\Microsoft Sync Framework
    2009-02-21 21:30 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2009-02-21 21:28 . 2009-02-21 21:28 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-02-21 12:23 . 2009-02-21 12:38 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-02-20 18:17 . 2009-02-20 18:17 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\F-Secure
    2009-02-20 18:00 . 2009-02-21 12:43 <KANSIO> d-------- c:\program files\F-Secure Internet Security
    2009-02-20 17:58 . 2009-02-20 17:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\fssg
    2009-02-20 11:04 . 2009-02-20 11:04 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\38FA
    2009-02-17 19:00 . 2009-02-17 19:00 <KANSIO> d-------- c:\program files\NOS
    2009-02-17 19:00 . 2009-02-17 19:02 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-02-14 11:51 . 2009-02-14 11:51 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\10271
    2009-02-13 20:43 . 2009-02-19 15:03 <KANSIO> d-------- c:\program files\mIRC
    2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-02-06 19:32 . 2009-02-06 19:32 308,104 --a------ c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
    2009-02-05 16:10 . 2009-02-05 16:10 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\3280

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-02 18:33 --------- d-----w c:\documents and settings\Omistaja\Application Data\Skype
    2009-03-02 15:28 --------- d-----w c:\documents and settings\Omistaja\Application Data\skypePM
    2009-03-02 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-01 18:49 --------- d-----w c:\program files\COMODO
    2009-03-01 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-03-01 13:56 --------- d-----r c:\program files\Skype
    2009-02-26 16:51 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-25 09:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-23 16:49 --------- d-----w c:\program files\Wings 2
    2009-02-21 20:48 --------- d-----w c:\program files\Lavasoft
    2009-02-21 19:48 --------- d-----w c:\program files\Microsoft
    2009-02-21 19:47 --------- d-----w c:\program files\Windows Live
    2009-02-20 09:02 --------- d-----w c:\program files\iMesh Applications
    2009-02-19 13:12 --------- d-----w c:\documents and settings\Omistaja\Application Data\mIRC
    2009-02-18 11:48 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-12 13:12 --------- d-----w c:\program files\Google
    2009-02-10 08:44 34 ----a-w c:\documents and settings\Omistaja\jagex_runescape_preferences.dat
    2009-02-09 17:59 --------- d-----w c:\program files\CCleaner
    2009-02-01 16:07 --------- d-----w c:\documents and settings\Omistaja\Application Data\Apple Computer
    2009-02-01 16:03 --------- d-----w c:\program files\QuickTime
    2009-02-01 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-01 16:01 --------- d-----w c:\program files\Apple Software Update
    2009-02-01 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-31 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\81E4
    2009-01-31 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\38177
    2009-01-30 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\242E
    2009-01-30 19:24 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-30 19:24 --------- d--h--w c:\documents and settings\All Users\Application Data\{FC488EFD-EF53-4EB6-A106-329E2816542A}
    2009-01-30 19:23 --------- d-----w c:\program files\Creative
    2009-01-30 19:21 --------- d--h--w c:\documents and settings\All Users\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
    2009-01-30 19:20 --------- d--h--w c:\documents and settings\All Users\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
    2009-01-30 16:27 --------- d-----w c:\documents and settings\Omistaja\Application Data\Creative
    2009-01-30 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2009-01-30 16:23 --------- d-----w c:\program files\Audible
    2009-01-28 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\8AB
    2009-01-26 10:40 --------- d-----w c:\documents and settings\Omistaja\Application Data\Nvu
    2009-01-24 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
    2009-01-24 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\espionServerData
    2009-01-24 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-24 13:19 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-01-24 12:47 --------- d-----w c:\documents and settings\Omistaja\Application Data\Download Manager
    2009-01-22 14:37 --------- d-----w c:\program files\Windows Media Connect 2
    2009-01-19 10:47 27,136 ----a-w c:\windows\~GLH0001.TMP
    2009-01-16 20:55 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-16 13:05 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-16 13:05 --------- d-----w c:\program files\Java
    2009-01-16 11:49 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-16 11:45 --------- d-----w c:\program files\Common Files\Windows Live
    2009-01-15 00:05 911,872 ----a-w c:\windows\system32\wininet.dll
    2009-01-15 00:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
    2009-01-15 00:04 18,944 ----a-w c:\windows\system32\corpol.dll
    2009-01-15 00:03 72,704 ----a-w c:\windows\system32\admparse.dll
    2009-01-15 00:03 71,680 ----a-w c:\windows\system32\iesetup.dll
    2009-01-15 00:03 420,352 ----a-w c:\windows\system32\vbscript.dll
    2009-01-15 00:01 34,304 ----a-w c:\windows\system32\imgutil.dll
    2009-01-15 00:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
    2009-01-15 00:00 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-14 23:50 156,160 ----a-w c:\windows\system32\msls31.dll
    2009-01-09 16:14 --------- d-----w c:\program files\Alwil Software
    2009-01-09 10:30 --------- d-----w c:\documents and settings\Omistaja\Application Data\yoclient
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2007-10-13 13:35 3,518 ----a-w c:\program files\uninstal.log
    2007-08-11 15:16 0 ----a-w c:\documents and settings\Omistaja\conf.dat
    2005-11-14 20:11 32 ----a-r c:\documents and settings\All Users\hash.dat
    2005-01-28 06:07 30,432 ----a-w c:\documents and settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2003-12-13 13:45 28,880 ----a-w c:\windows\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
    2003-12-13 13:45 28,880 ----a-w c:\documents and settings\kone\Application Data\GDIPFONTCACHEV1.DAT
    1999-06-25 07:55 149,504 ----a-w c:\program files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-02_13.55.22,21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-03 12:39:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5ac.dat
    + 2009-03-03 12:39:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_790.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-09-02 16:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
    "PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-02 181624]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= oepl.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LEGO Media\\Constructive\\LEGO LOCO\\Exe\\Loco.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Downloads\\CabalTemp\\ESTdnheadless.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Wings 2\\bin\\Wings.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
    "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-21 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-01 114768]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-01 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
    R2 fsssvc;Windows Live -perheturva;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S2 gupdate1c98b82ef51fa4a;Google Update Service (gupdate1c98b82ef51fa4a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-17 33752]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 22:51]

    2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 15:23]

    2009-03-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 15:24]

    2009-03-03 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-02 18:12]

    2009-03-03 c:\windows\Tasks\PCHealth-ajoitus lataamiskirjastoa varten.job
    - c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2008-04-14 18:12]

    2009-03-02 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-02 15:25]

    2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{B597C89C-46F7-4B26-8D00-F7FB6638B0EE}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
    IE: Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://superstarracing.net/ChatRepublicPlayer.cab
    FF - ProfilePath - c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Habbo-FI Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.fi/ig
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=2&q=
    FF - component: c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\extensions\{2cd812a4-b1b7-4fa7-9f81-61c52cacdbea}\components\FFAlert.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 14:48:56
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):38,31,2a,9c,ca,a9,56,b9,08,d8,1f,5f,76,12,ec,d5,9c,05,6a,78,c0,
    7f,85,81,fa,e2,0d,4a,cb,e0,50,31,4d,cb,f8,4c,5e,bc,f8,43,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b167484-3e1a-47be-b0ce-a0f8817c0587}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000010d
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-03-03 14:54:37
    ComboFix-quarantined-files.txt 2009-03-03 12:54:04
    ComboFix2.txt 2009-03-02 11:57:25

    Ennen ajoa: 71,850,168,320 tavua vapaana
    Ajon jälkeen: 71,836,467,200 tavua vapaana

    353 --- E O F --- 2009-03-01 10:12:14
     
  8. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  9. grolju

    grolju Member

    Can I have Comodo back yet? :(


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:53:40, on 4.3.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://superstarracing.net/ChatRepublicPlayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: oepl.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c98b82ef51fa4a) (gupdate1c98b82ef51fa4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 9163 bytes
     
  10. grolju

    grolju Member

    Yikes, surely a vandal hasn't gotten in here, since it says Explorer.EXE even though it's really explorer.exe :(
     
  11. Hujo

    Hujo Guest

  12. grolju

    grolju Member

    I can't paste it, it's too big and this lags at the loading stage.
     
  13. grolju

    grolju Member

    ERROR!!! Invalid Entry system32\drivers\ALCXSENS.SYS in SYSTEM\CurrentControlSet\Services\ALCXSENS... <- speaker drivers, could that error be fixed? That's the reason the speaker doesn't work.

    Here are 2 other errors:

    ERROR!!! Invalid Entry \??\C:\DOCUME~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys in SYSTEM\CurrentControlSet\Services\Fadpu16E...

    ERROR!!! Invalid Entry \??\C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys in SYSTEM\CurrentControlSet\Services\npkcrypt...


    So no viruses were found, I guess?

    And indeed the whole log can't be posted, otherwise it gets stuck at the loading stage.
     
  14. Hujo

    Hujo Guest

    Yes, it's the bottommost pane, if anything shows up in it.
     
  15. grolju

    grolju Member

    I only found those 3 errors and wanted to fix that alchenx.sys since it's the speaker.. so nothing in the bottom pane.
     
